MAC-OS Could not connect to Meraki client VPN

Kave
Getting noticed

MAC-OS Could not connect to Meraki client VPN

MAC-OS Could not connect to Meraki client VPN , Windows and Android can connect successfully.

 

kav noroozi
11 Replies 11
BlakeRichardson
Kind of a big deal
Kind of a big deal

@Kave  Can you please post a screenshot of the error message you are getting thanks.

 

 

Also how have you setup the VPN connection on the Mac?

 

 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal

Do you get to the point of entering a username password?

 

If not double check the PSK is entered correctly.

 

What are you authenticating against?  Internet Meraki username/password, RADIUS, something else?

Kave
Getting noticed

Hi Philip,

I am using Radius and windows, Android can connect successfully, MAC-Os was connected successfully too but I'm not sure maybe MAC- OS update  or something else must cause of the problem, I'm using Fixed public IP on MX

kav noroozi
Kave
Getting noticed

I'm using windows RADIUS server, both Microsoft OS and Android can join to VPN but IOS problem.

kav noroozi
MichelRueger
Building a reputation

Hi Michael,

 

I am using MAC OSX to connect to my Meraki Home Network true Client VPN. My Meraki MX is behind a Service Provider ADSL Router witch is making NAT, so you need to open the specific port to be able to connect to the MX as VPN Device. But as you tell us that with other Device it is working this is not the Problem. are you Using a other User? Every User must be Enabled for VPN Connection. 

 

Bildschirmfoto 2019-07-22 um 09.41.31.png

 

On the Mac Site i go to Network Settings and and a VPN:

 

Bildschirmfoto 2019-07-22 um 09.48.28.png

After this be sure your Shared key is correct. This was my problem some time.

Also be sure that your are testing from the same Place as the other Systems witch are working. As for example from my corporate network I can not connect as the Ports for VPN are Blocked. I alway use my Mobile Phone Hotespot.

 

Hope this helps you. If not just send some Pictures of your MAC Settings.

 

Regards Michel Rueger

Uberseehandel
Kind of a big deal

Servus @MichelRueger 

 

I also have an MX behind a third party security appliance (aka Kharon).

 

I am uncertain as to which IP address to use in the port forwarding rule on Kharon.

 

The MX uplinks to Kharon on a LAN - 192.168.22.0/28 and receives an IP address from the DHCP server on that link.

 

Both the MX and Kharon have NAT active, for reasons of functionality and security. It does not have any impact upon the sipgate phone system.

 

Any guidance would be greatly appreciated

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MichelRueger
Building a reputation

Hi All,

 

The best way is to use the DNS Name of your WAN Conection. This one is visible on the main dashboard view of your MX:

 

Bildschirmfoto 2019-07-22 um 12.59.49.png

 

Or you are using the Public IP but this one will change all the time. On your ADSL Router or Firewall in front of your MX you need to Make a Port forward to the ip address of the WAN interface:

 

This information you find on the Uplink TAB

 

Bildschirmfoto 2019-07-22 um 13.04.40.png

 

So the VPN Client connect to the public Name or IP. The front Firewall or ADSL Router NAT to the WAN interface from the MX

 

Hope this helps

Regards Michel

Uberseehandel
Kind of a big deal

Hi Michel

 

I have a port forwarding rule set to pass UDP ports 500 and 4500 through the firewall when being sent to 192.168.22.14, which is the MX WAN IP DHCP address. I can ping 192.168.22.14 however. This IP address does not change.

 

Now, the connection attempt fails quite quickly, but I don't see any meaningful error logging on any machine.

 

Thanks again

 

Robin

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
MichelRueger
Building a reputation

Hi Robin

 

I just checked everithing at home and I have the following Seetings.

 

To my Internet Provider I have a XDSL ROuter with Firewall. on this I added a Portforwarding to the Meraki WAN IP Adress for:

 

Bildschirmfoto 2019-07-22 um 17.39.45.png

sorry it is german 🙂 in fact the UPD Port 500 and 4500 are forwardet to the IP Adress of the MX WAN. qitch in my case is 192.168.1.101 as the network between the Internet Router and the MX is 192.168.1.0. Behind the MX also LAN site I have 192.168.4.0. 

 

I point my MAC VPN Setting to the Public IP or DNS from the Internet Router witch is shown in the Dashboard of the MX as Public Name or IP. 

 

The Client VPN Settings of the MX are the following:

Bildschirmfoto 2019-07-22 um 17.40.15.png

This is plan helps perhaps to understand.

 

IMG_5605.png

 

I hope this helps.

 

Regards Michel

 

Uberseehandel
Kind of a big deal

Michel

 

Thanks very much for that. What I have done already, looks like what you have set up. However, I need to check that the port forwarding rule I set up, actually does what I intended it to do. As configuring firewall features on the non-Meraki Security Appliance are unnecessarily complicated, it is easy to get it wrong.

 

Thanks so much, I shall work on it in the morning.

 

Cheers

Robin

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Kave
Getting noticed

Guys, I'm happy to tell you the problem has been solved, I found the way which is not the solution but it works.

instead Server Address Meraki DNS, I just used my Meraki public IP and IOS has been connected to VPN, High Seria can connect with both ( Meraki DNS and Meraki Public IP) But Mobile IOS and macOS Mojave or less had problem with Meraki DNS But work well by Meraki public IP.     🙂


Capture23.PNG

 

 

 

kav noroozi
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels